
Copyright © 2009 Open Geospatial Consortium, Inc.

sensor, the RegisterSensor operation shall contain two identities: the identity of the admin and the identity of the sensor to be registered. The SOS shall establish access control based on the admin’s identity to prevent unauthorized registrations, and shall use the sensor identity information to verify that the sensor is trustworthy. The AssignedSensorId element in the response requires confidentiality to prevent the adversary from leveraging the Create InsertObservation attack. As it is essential for the user to get assurance that no observation reported by a sensor is missing, the SOS shall create a sequence number that is incremented each time a sensor inserts an observation. The client can use the sequence number to check whether the list of observations is complete.

9.7 Sensor Alert Service

9.7.1 GetCapabilities operation

Asset: Subscription Offerings

Cause: Man-In-The-Middle
Effect: User client will receive fraudulent subscription offerings from the SAS. This can include fictitious offerings, removed offerings, or an empty list of offerings (SubscriptionOfferingList).
Result: User gets fraudulent offerings or does not know about existing offerings.
Scope: Application specific knowledge required.
Example:
Likelihood: Medium
Impact on Asset: None
Impact on User: Direct effect on use of asset.
Potential: NA
Reason: Sabotage
Requirement: Integrity
Table 84: Modify GetCapabilities response

Cause: Adversary’s client can execute SAS.
Effect: SAS GetCapabilities operation is invoked.
Result: Adversary will get the capabilities of the SAS.
Scope: Application specific knowledge required.
Example:
Likelihood: High
Impact on Asset: None
Impact on User: None
Potential: The adversary can obtain subscription offerings. This information can be used by the adversary to inject fraudulent alerts using the Advertise operation, and to obtain the related alerts using the Subscribe operation.
Reason: Espionage. Sabotage, as the information from the capabilities can be the baseline for other attacks.
Requirement: None
Table 85: Create GetCapabilities request

Cause: Eavesdropping and adversary’s client can execute SAS.
Effect: Adversary’s client sends recorded GetCapabilities request messages to SAS.
Result: SAS GetCapabilities operation is invoked and capabilities are returned to the adversary.
Scope: No application specific knowledge required.
Example:
Likelihood: High
Impact on Asset: None
Impact on User: None
Potential: NA
Reason: Espionage
Requirement: None
Table 86: Replay GetCapabilities request

9.7.2 Advertise operation

Asset: Alert Subscription Offerings

Cause: Man-In-The-Middle
Effect: SAS will receive fraudulent advertisements and create fraudulent offerings.
Result: Clients will subscribe to the fraudulent offerings and users will receive fraudulent alerts or no alerts at all.
Scope: Application specific knowledge required.
Example: The adversary changes the location of the sensor in the advertise message from 51.96,7.607 to 48.8,11,34. This will create an offering with a location of the sensor at 48.8,11,34. If a client subscribes for this offering, it will receive alerts directly from the sensor via the XMPP MUC that report the sensor’s location at 51.96,7.607.
Likelihood: Medium
Impact on Asset: Direct effect, as SAS will produce fraudulent offerings.
Impact on User: Direct effect on asset, affecting all subscribed clients.
Potential: NA
Reason: Sabotage
Requirement: Integrity
Table 87: Modify Advertise request

Cause: Man-In-The-Middle
Effect: User client will receive confirmation with a fraudulent ID and fraudulent XMPP MUC.
Result: User client will connect to the MUC given by the adversary and will either never receive alerts or receive fraudulent alerts.
Scope: Application specific knowledge is required.
Example:
Likelihood: Medium
Impact on Asset: None
Impact on User: Indirect effect on asset, as the client will connect to the fraudulent MUC.
Potential: NA
Reason: Sabotage
Requirement: Integrity
Table 88: Modify Advertise response

Cause: Adversary’s client can execute SAS.
Effect: SAS will receive fraudulent offering.
Result: Clients/users that subscribe for these offerings will either never receive an alert or receive fraudulent fictitious alerts. Depending on the implementation, the SAS might crash due to an overflow of offerings to be managed, or perform slowly.
Scope: Application specific knowledge required.
Example:
Likelihood: Low
Impact on Asset: Direct effect on asset.
Impact on User: Impact to all users that receive the advertisement.
Potential: PublicationID and XMPP URI can be obtained by the adversary. The PublicationID can be used for cancellation of publications and the XMPP URI can be used for recording alerts.
Reason: Espionage, Sabotage
Requirement: Access Control to ensure only authorized owners of an offering can use this operation.
Table 89: Create Advertise request

Cause: Eavesdropping and adversary’s client can execute SAS.
Effect: SAS will create offering that might be outdated.
Result: If the adversary replays a request after the sensor has sent a CancelAdvertisement message, the SAS will re-create the offering and provide this dead offering, for which either no sensor will send data or the adversary will send data. Clients might subscribe to dead or fraudulent offerings.
Scope: No application specific knowledge required.
Example:
Likelihood: High
Impact on Asset: Effect on all assets that have been cancelled in the meantime.
Impact on User: Impact on all users, as all assets that have been cancelled in the meantime become available again.
Potential: NA
Reason: Sabotage
Requirement: Unique request id and time stamp to detect replay.
Table 90: Replay Advertise request

Cause: Man-In-The-Middle
Effect: The advertisement of alerts will be received by the adversary’s SAS.
Result: The subscribed users will not receive the alert.
Scope: Application specific knowledge required.
Example:
Likelihood: Low
Impact on Asset: None
Impact on User: Impact on all users, as the advertisement will not be available at the actual SAS.
Reason: Sabotage
Requirement: SAS authentication and authenticity on the response.
Table 91: Redirect Advertise request

Cause: Eavesdropping
Effect: NA
Result: The adversary obtains the information needed to mount attacks that inject fictitious, hence fraudulent, alerts and that record alerts after subscription.
Scope: No application specific knowledge required.
Example:
Likelihood: High
Impact on Asset: None
Impact on User: None
Reason: Espionage and preparation for further attacks.
Requirement: Confidentiality
Table 92: Record Advertise request/response
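
The following is an added example, not part of the OGC document: a sketch of how a SAS could enforce the "unique request id and time stamp" requirement of Table 90 together with the integrity requirement of Table 87. The HMAC over a pre-shared key, the 300-second window, the `AdvertiseGuard` name and the simplified Advertise body are assumptions made for illustration.

```python
import hashlib
import hmac

MAX_SKEW = 300  # assumed freshness window in seconds


def _mac(key: bytes, request_id: str, timestamp: int, body: bytes) -> str:
    # Length-prefix each field so field boundaries cannot be shifted.
    parts = [request_id.encode(), str(timestamp).encode(), body]
    msg = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class AdvertiseGuard:
    """Hypothetical SAS-side check: authentic, fresh, and not seen before."""

    def __init__(self, key: bytes):
        self._key = key
        self._seen = {}  # request id -> timestamp, kept while still fresh

    def check(self, request_id, timestamp, body, tag, now):
        expected = _mac(self._key, request_id, timestamp, body)
        if not hmac.compare_digest(expected, tag):
            return "reject: integrity"
        if abs(now - timestamp) > MAX_SKEW:
            return "reject: stale timestamp"
        # Ids outside the window can be forgotten: the check above rejects them.
        self._seen = {r: t for r, t in self._seen.items() if abs(now - t) <= MAX_SKEW}
        if request_id in self._seen:
            return "reject: replayed request id"
        self._seen[request_id] = timestamp
        return "accept"


def demo():
    key = b"constructed-demo-key"
    guard = AdvertiseGuard(key)
    body = b"<Advertise><Location>51.96,7.607</Location></Advertise>"  # constructed
    tag = _mac(key, "req-0001", 1000, body)
    tampered = body.replace(b"51.96,7.607", b"48.8,11,34")
    return [
        guard.check("req-0001", 1000, body, tag, now=1010),      # original request
        guard.check("req-0001", 1000, body, tag, now=1020),      # replay inside window
        guard.check("req-0001", 1000, body, tag, now=2000),      # replay after cancellation
        guard.check("req-0001", 1000, tampered, tag, now=1010),  # modified location
    ]


if __name__ == "__main__":
    print(demo())
```

The timestamp bounds how long request ids must be remembered: a replay inside the window is caught by the id cache, and a replay after it, such as one sent once the sensor has cancelled its advertisement, is caught by the freshness check.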

9.7.3 RenewAdvertisement operation